📘 DoS and DDoS Detection & Prevention — Exam Notes (Network Security)
🔐 1. Definition
🔹 Denial of Service (DoS)
A DoS attack is an attempt to make a network, server, or service unavailable by overwhelming it with excessive traffic or requests.
🔹 Distributed Denial of Service (DDoS)
A DDoS attack is similar to DoS, but it is launched from multiple systems (botnets) at the same time.
👉 Simple idea:
- DoS = One attacker
- DDoS = Many attackers (more powerful)
⚠️ 2. How DoS/DDoS Attacks Work
- Attacker sends a large number of requests
- Server resources (CPU, memory, bandwidth) get exhausted
- Legitimate users cannot access the service
🧱 3. Types of DoS/DDoS Attacks
🔸 1. Volume-Based Attacks
- Flood network with traffic
- Example: UDP Flood
🔸 2. Protocol Attacks
- Exploit weaknesses in protocols
- Example: SYN Flood
🔸 3. Application Layer Attacks
- Target specific applications
- Example: HTTP Flood
🔍 4. Detection of DoS/DDoS Attacks
🔹 1. Traffic Analysis
- Monitor unusual traffic spikes
🔹 2. Network Monitoring Tools
- IDS/IPS systems detect suspicious activity
🔹 3. Behavior Analysis
- Identify abnormal patterns (e.g., repeated requests)
🔹 4. Log Analysis
- Check server logs for unusual activity
🚨 5. Symptoms of DoS/DDoS Attacks
- Slow network performance
- Website/server becomes unavailable
- High bandwidth usage
- Increased number of requests from unknown sources
🛡️ 6. Prevention Techniques
🔸 1. Firewalls
🔸 2. Intrusion Prevention Systems (IPS)
- Detect and block attacks automatically
🔸 3. Rate Limiting
- Limit number of requests per user
🔸 4. Load Balancing
- Distribute traffic across multiple servers
🔸 5. Traffic Filtering
- Block suspicious IP addresses
🔸 6. Network Redundancy
- Use multiple servers and backup systems
🔸 7. Use of CDN (Content Delivery Network)
- Distributes traffic globally to reduce load
🔸 8. Anti-DDoS Services
- Specialized protection systems
🔐 7. Defense Strategies
🔹 Proactive Defense
- Prepare before attack:
  - Strong infrastructure
  - Monitoring systems
🔹 Reactive Defense
- Respond during attack:
  - Block IPs
  - Redirect traffic
📊 8. Important Concept
🔸 Traffic Threshold Rule
If Traffic > Normal Threshold → Possible DoS Attack
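The threshold rule above and the rate limiting from section 6, as one added Python example (not part of the original notes): a per-source sliding-window counter that flags sources whose request count exceeds the threshold in constructed, time-ordered log lines, and reuses the same counter to make allow/deny decisions. The window size, threshold, log format and IP addresses are all assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10  # assumed observation window
THRESHOLD = 5        # assumed "normal" requests per source per window

class SlidingWindowCounter:
    """Timestamps of each source's requests inside a sliding window."""
    def __init__(self, window=WINDOW_SECONDS, threshold=THRESHOLD):
        self.window, self.threshold = window, threshold
        self.events = defaultdict(deque)

    def record(self, source, ts):
        """Record one request; return True if the source is now over threshold."""
        q = self.events[source]
        q.append(ts)
        while ts - q[0] >= self.window:  # expire timestamps outside the window
            q.popleft()
        return len(q) > self.threshold

def parse_log_line(line):  # constructed format: 'timestamp source_ip method path'
    ts, ip, _method, _path = line.split()
    return float(ts), ip

def detect_flooders(log_lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Log analysis: apply 'Traffic > Normal Threshold -> Possible DoS' per source.
    Returns {source_ip: timestamp at which it first exceeded the threshold}."""
    counter, flagged = SlidingWindowCounter(window, threshold), {}
    for ts, ip in map(parse_log_line, log_lines):
        if counter.record(ip, ts) and ip not in flagged:
            flagged[ip] = ts
    return flagged

def rate_limit(log_lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Rate limiting: at most `threshold` requests per source per window (denied requests still count)."""
    counter = SlidingWindowCounter(window, threshold)
    return [(ip, "deny" if counter.record(ip, ts) else "allow")
            for ts, ip in map(parse_log_line, log_lines)]

# Constructed sample log: 10.0.0.7 sends 7 requests in ~3 s, then one 17 s later.
SAMPLE_LOG = [
    "100.0 198.51.100.5 GET /index.html",
    "100.5 10.0.0.7 GET /login",
    "101.0 10.0.0.7 GET /login",
    "101.5 10.0.0.7 GET /login",
    "102.0 10.0.0.7 GET /login",
    "102.4 10.0.0.7 GET /login",
    "102.9 10.0.0.7 GET /login",  # 6th inside the window: over threshold
    "103.3 10.0.0.7 GET /login",  # 7th: still denied
    "120.0 10.0.0.7 GET /login",  # window has slid past the burst: allowed again
]
```

Raising the threshold or shrinking the window changes what counts as "normal", which is why the threshold must be tuned to the service's real baseline traffic.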
🖼️ 9. Diagram Descriptions
📌 DoS Attack Diagram
- Single attacker → Server → Overload
📌 DDoS Attack Diagram
- Multiple attackers (botnet) → Server → Crash
📌 Load Balancing Diagram
- Traffic → Multiple servers → Balanced load
🧾 10. Real-Life Examples
- 🌐 Popular websites becoming unavailable due to heavy traffic attacks
- 🏢 Company servers crashing due to DDoS
- 🎮 Online gaming servers targeted by attackers
📝 Likely Exam Questions
- Define DoS and DDoS attacks.
- Differentiate between DoS and DDoS.
- Explain types of DoS attacks.
- How can DoS/DDoS attacks be detected?
- Describe prevention techniques for DDoS.
- What are symptoms of a DoS attack?
- Explain rate limiting and load balancing.
- What is a botnet?
- Describe application-layer attacks.
- Write short notes on:
  - SYN Flood
  - CDN
  - Traffic filtering
📌 Quick Summary / Conclusion
- DoS/DDoS attacks aim to make services unavailable.
- DDoS is more dangerous due to multiple attackers.
- Detection involves monitoring traffic and behavior.
- Prevention includes firewalls, IPS, load balancing, and CDNs.
- Strong planning and layered defense reduce risks.
👉 In short:
DoS and DDoS attacks disrupt services, but proper detection and multi-layered prevention can effectively defend against them.